Because IPrincipal has an IIdentity property, is it good to implement both interfaces on my User class?

+5  A: 

Generally, the user and the security context where the user interacts are different things, and therefore if modelled in a generic way, these should be separated as the IPrincipal and IIdentity interfaces do. (You can imagine applications where the same user can have different roles to interact with the system.)

There are applications where these two concepts are the same; in this case I think you can safely implement both interfaces with a single class. This is especially so if you don't expose the implementation class to the application logic directly, just through the IPrincipal and IIdentity interfaces. If you keep this separation you can refactor your class at any time without breaking the application logic.

Another aspect you should keep in mind: usually, setting up the security context for a user is more costly than setting up an identity (you need to grab the permissions, etc.). However, in some cases the application is just referring to a user, but it is not required to have a properly configured security context. In these cases, initializing a user class instance that serves both as identity and principal is probably a performance problem. (Of course you can solve this with other techniques as well, not only by splitting up the classes.)

And finally, you should also consider whether you want to implement IIdentity/IPrincipal with your own user class or just populate GenericPrincipal/GenericIdentity instances. The most important fact here is that IPrincipal (and IIdentity) instances must be serializable, as they might go to other AppDomains. Setting up an IPrincipal implementation that can be easily serialized and deserialized in AppDomains is not easy, and needs extra care. So unless you need special role checking, I would recommend using GenericPrincipal/GenericIdentity. (see more here: http://sontek.vox.com/library/post/re-iprincipal-iidentity-ihttpmodule-serializable.html)

Gaspar Nagy
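
An added example, not part of the original answer or any project's code, showing the separation discussed above: a domain class that implements neither interface, hands out a cheap `GenericIdentity`, and builds the `GenericPrincipal` (with its role lookup) only when a security context is first requested. `User`, `Demo`, `LoadRoles` and the role names are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Hypothetical domain class: holds user data, implements neither interface itself.
public sealed class User
{
    private readonly Lazy<IPrincipal> _principal;

    public string Name { get; }

    // Cheap: no permission lookup is needed just to know who the user is.
    public IIdentity Identity { get; }

    // Costly: roles are fetched only the first time a security context is requested.
    public IPrincipal Principal => _principal.Value;

    public User(string name, Func<string, string[]> loadRoles)
    {
        Name = name;
        // "Custom" is a constructed authentication-type label.
        Identity = new GenericIdentity(name, "Custom");
        _principal = new Lazy<IPrincipal>(
            () => new GenericPrincipal(Identity, loadRoles(name)));
    }
}

public static class Demo
{
    private static int _roleLookups;

    // Constructed stand-in for a database or directory query.
    private static string[] LoadRoles(string userName)
    {
        _roleLookups++;
        return userName == "alice" ? new[] { "Admin", "Reader" } : new[] { "Reader" };
    }

    public static void Main()
    {
        var user = new User("alice", LoadRoles);
        // Reading the identity does not trigger the role lookup.
        Console.WriteLine($"{user.Identity.Name}: lookups so far = {_roleLookups}");

        // Application logic sees only the IPrincipal interface.
        Thread.CurrentPrincipal = user.Principal;
        Console.WriteLine($"Admin? {Thread.CurrentPrincipal.IsInRole("Admin")}");
        Console.WriteLine($"Auditor? {Thread.CurrentPrincipal.IsInRole("Auditor")}");
        Console.WriteLine($"lookups after role checks = {_roleLookups}");
    }
}
```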